package tgc.edu.xzy.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import tgc.edu.xzy.service.SysUserService;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
	@Autowired
	private SysUserService userService;

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.userDetailsService(userService)  	//设置用什么去查找用户
			.passwordEncoder(new BCryptPasswordEncoder()); //设置用什么去对密码加密，在spring boot 2.0这个是必须的
		auth
		    .inMemoryAuthentication().withUser("root").password("{noop}123").roles("DVP","SYSTEM");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
			//安全器令牌
			http.csrf().disable();
		 	http.headers().frameOptions().disable();
			http.formLogin()
					//登陆请求不被拦截
					.loginPage("/login").permitAll()
					//设置默认登录成功跳转页面
	                .defaultSuccessUrl("/welcome")
	                //登陆失败的页面所有人都可以访问
	                .failureForwardUrl("/login");
			
			//请求的页面地址所有人可以访问
	        http.authorizeRequests().antMatchers("/static/**").permitAll();
	        http.authorizeRequests().antMatchers("/webjars/**").permitAll();
	        //退出页面所有人可以访问
	        http.logout().logoutUrl("/logout").permitAll();
	        //所有的请求都必须经过我的权限认证
	        http.authorizeRequests().anyRequest().authenticated();
	}
}
